-
Notifications
You must be signed in to change notification settings - Fork 72
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Card type lookup #136
Comments
+1000 Incorporating this into the API would be really helpful, primarily for reducing fraud. Netflix, for one, is known to filter out prepaid. The data is definitely available and can be provided, with regular updates, by the processor (ie, First Data). There are several unofficial BIN lookup services but all seem pretty clunky / sketchy. Plus it won't work with tonkenized cards, at least not in a way that's squeaky clean in terms of PCI compliance. |
We already do this internally, we can just expose it as well. |
That would be a really useful feature. It's the kind of value-add like the ACH API that differentiates Balanced. Do you know if your BIN database covers all networks, including Amex. I've previously created my own BIN lookup based on a processor's Global BIN File. But the database did not include Amex. |
@quellhorst @401KC here's a preliminary spec for iin (new name for bin): {
"card_category": "BUSINESS CARD",
"card_type": "CREDIT",
"country_iso3": "USA",
"country_iso2": "US",
"country_code": "840",
"country_name": "UNITED STATES",
}
it would be loaded by your client when you do card.iin. what do you think? |
I think we could do without |
@quellhorst @mjallday how about {
"card_category": "BUSINESS CARD",
"card_type": "CREDIT",
"country_iso3": "USA",
"bank_phone_number": "...",
"bank_url": "...",
"bank": "..."
} what other fields do you guys think are legitimate to expose? |
looks good to me. |
Looks good to me too. |
@quellhorst I just checked our database, it will return values such as |
ping @quellhorst @401KC - what do you guys think of the above pull request. Does it make sense? |
Yeah, just looked at the diff. Makes sense to me. |
@quellhorst - believe you had some thoughts on this pull request right? |
In the documentation I'd add the return values for card_category: PREPAID, GIFT, PLATINUM, DEBIT, SIGNATURE |
Re: pull request. I don't have a technical background so I can't comment. Re: the fields. i've got my doubts about "card_category" and actually sent @mjallday an email about it this morning (too detailed for here). here's the summary: the type of field I think you're pulling from for "card_category" isn't very accurate -- at least not in my experience with BIN Files, even from legitimate sources (eg, a processor). For example, I've seen a gift card show up as just "visa classic" which isn't helpful for prepaid / gift card filtering, a key use case for this data. Instead, I found two fields very accurate and helpful: 1) Prepaid (Y/N) and 2) Usage (Pin / Signature / Hybrid). I think the discrete set of values helps with accuracy. I'd push for those, but am not sure what's available to you guys. |
@401KC I have also seen the same. Here are some prepaid cards I have, maybe balanced could tell us what values their database has for them: |
Good idea @quellhorst. Here are some other prepaid BINs (gift cards and reloadables), if Balanced has the time to test them. 374328 - Gift 372741 - Reloadable |
It looks like you should not rely on our current IIN info to determine prepaid cards at this point in time.
If this is an issue please let us know and we'll investigate what can be done to increase the reliability of our dataset for prepaid card information. |
@quellhorst @401KC so it looks like our bin data is not all that reliable. how would you be using it? if its just informational would it be sufficient to expose bin/iin info in the dashboard? |
@bninja I'd like to be able to access it via api. Would be used to help with manual reviews and automatic flagging. By having you expose what your BIN database has it would make it so I don't have to worry about PCI compliance just so that I could submit the first 6 digits of the card to a 3rd party service like 'MaxMind minFraud'. I'd rather have some of this data than none of it. |
@mjallday @mahmoudimus im fine with exposing iin data provided its noted as informational/advisory as its not reliable. we should also probably expose vai dashboard. anyway lets make the call: merge or reject. |
i wouldn't use the feature, with its current (unreliable) dataset. if card type (credit or debit) is wrong 60% of the time (like our examples above), then i think the feature does more harm than good. however, i think you guys could / should change sources to a BIN file provided by your processor (Chase Paymentech, First Data, or whoever it is). in my experience those datasets are highly accurate for most fields. i'd guess virtually 100% accurate for credit versus debit. |
Yeah, a more accurate database would be even better. @401KC so you found the best BIN databases for prepaid/gift card identification are available from the CC processor? |
@quellhorst absolutely. i've worked with First Data's BIN File and it was perfect for the dozen or so cards I tested. it did have one or two freeform fields with sketchy data but there were plenty of other accurate ones. it makes sense that payment processors have accurate data. they have to charge merchants (via acquiring banks) based on card type, and other characteristics. |
This issue has been updated to only provide card type (debit, credit, prepaid, etc.) instead of full BIN information. |
Per #419, let's expand the scope of this ticket to include business vs. personal card, in addition to card type. |
Specifically on the debit / credit card identification issue there is another interesting use case. We do a lot of donation processing for Churches and it's a fairly common request that Churches only want to accept debit cards. That way they never have to worry about someone going into debt giving. If we could offer specific merchants the ability to only accept debit it would be a nice feature. I think Faith Street + Simple Donation would probably like this feature as well. |
API 1.1 provides the {
"cards": [
{
"address": {
"city": null,
"country_code": null,
"line1": null,
"line2": null,
"postal_code": null,
"state": null
},
"avs_postal_match": null,
"avs_result": null,
"avs_street_match": null,
"bank_name": "BANK OF HAWAII",
"brand": "MasterCard",
"can_credit": false,
"can_debit": true,
"category": "other",
"created_at": "2014-09-29T22:44:18.742987Z",
"cvv": "xxx",
"cvv_match": "yes",
"cvv_result": "Match",
"expiration_month": 12,
"expiration_year": 2020,
"fingerprint": "fc4ccd5de54f42a5e75f76fbfde60948440c7a382ee7d21b2bc509ab9cfed788",
"href": "/cards/CC19fTfHe7Qew0ZondF3tpoF",
"id": "CC19fTfHe7Qew0ZondF3tpoF",
"is_verified": true,
"links": {
"customer": null
},
"meta": {},
"name": null,
"number": "xxxxxxxxxxxx5100",
"type": "credit",
"updated_at": "2014-09-29T22:44:18.742989Z"
}
],
"links": {
"cards.card_holds": "/cards/{cards.id}/card_holds",
"cards.customer": "/customers/{cards.customer}",
"cards.debits": "/cards/{cards.id}/debits",
"cards.disputes": "/cards/{cards.id}/disputes"
}
} |
I'd like a feature that lets me do a bin lookup on a tokenized card. This way I could identification prepaid credit cards and gift cards.
The text was updated successfully, but these errors were encountered: